As far as we can tell all SQL and administrative traffic (e.g.
cockroach node status or replication configuration) happens over the same port/network interface. Additionally “administrative” access is not authorized in any way. This is potentially problematic from a security perspective as it’s difficult to restrict operational access to the servers without hurting application functionality.
** Note: this is a copy of a community asked question on a different communication channel